Command Injection Vulnerability in Netwrix Password Secure Software by Netwrix
CVE-2025-26817
Key Information:
- Vendor
Netwrix
- Status
- Vendor
- CVE Published:
- 3 April 2025
Badges
What is CVE-2025-26817?
CVE-2025-26817 is a command injection vulnerability found in Netwrix Password Secure version 9.2.0.32454, a software designed to provide secure password management and storage solutions for organizations. The vulnerability allows attackers to execute arbitrary operating system commands through crafted input, which could be exploited if an application interacts with the vulnerable software without proper validation of user inputs. By leveraging this vulnerability, an attacker could gain unauthorized access to the underlying operating system, potentially leading to severe security breaches that could compromise sensitive organizational data.
Potential impact of CVE-2025-26817
-
Unauthorized Access and Control: The command injection flaw could allow attackers to execute arbitrary commands on the server hosting the Netwrix Password Secure software, enabling them to take full control of the system.
-
Data Breaches: Exploiting this vulnerability may grant attackers access to sensitive credentials and other confidential information stored within Netwrix Password Secure, leading to potential data leaks.
-
Widespread System Compromise: If attackers gain control over the vulnerable system, they may further propagate inside the network, potentially compromising other applications and services, escalating the risk of a larger security incident.
News Articles
CVE Trends Dashboard
We're in the process of developing the mobile version of our website to improve your browsing experience on smaller screens. Keep an eye out for its release in the near future.Thank you for your patience!

Netwrix Password Manager Vulnerability Allows Authenticated Remote Code Execution
CVE-2025-26817 in Netwrix Password Secure allows code execution by authenticated users; all versions up to 9.2.2 are affected.
References
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 📰
First article discovered by CybersecurityNews
Vulnerability published
Vulnerability Reserved